android

I suppose you’re all familiar with the “academic” examples of SQL injection when you put a AND 1=1 at the end of the SQL query and magically you get access to all kind of nasty things. I’ll show you how to use the same trick to do a SQL injection in Android, but for a good thing :)

I had the following situation: I’ve wanted to select group all the calls from the call log either by the caller name if the number was in the agenda or by number if the number was not in the agenda. To do this you need a content resolver, a URI and a projection to tell Android which columns you want to select. A typical call will look as follows:

Problem

Implement a smart dialer. When typing digits into a dialer, get all contacts that match any letters combination corresponding to the typed digits. If you type 564, for example, the dialer should suggest John.

Solution

The core of this dialer is an algorithm that returns all possible letter combinations for a dialed number. After this, just find any contact that starts with any of this combinations.

How to do it:

– we need a mapping between digits and letters.

– if the dialed number starts with 0 or 1, ignore it as they don’t match any letter on the keyboard

– otherwise, for each digit in the dialed number, iterate through each array of letters and put each possible combination into a list.

This can be implemented using recursion. The code in Java (for Android):